A Privacy Advocate Seeks Public Help To Build A Spy-Proof ISP

The Patriot Act of 2001 is just one example of how the U.S. government is trying to legally beef up its electronic surveillance power on the Internet Service and other digital communications networks. But for Nicholas Merrill, the increasing amount of such government powers has sparked the drive to build a communication service that puts its customers’ privacy first and foremost. And he’s seeking your dollars to help to do it.

According to CNET‘s Declan McCullagh, Merrill is a former operator of a New York-based Internet Service Provider (ISP) who was sent by the FBI “a secret ‘national security letter’ (not an actual court order signed by a judge) asking for confidential information about his customers” in February 2004. And for six years, he and the ACLU fought the secret federal request–and won.

Now, Merrill has started the Calyx Institute, a “non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption.” The idea: The end users control their own data — and the encryption used–so the ISP cannot comply with any federal requests made.

Merrill has raised through crowd-funding service Indiegogo about $28,500 of the $1 million Calyx needs for a “bare-bones launch” of the ISP, which could privacy-enhanced Net service for as low as $20 per month.

I’m with you, a 100% Virtual Private Network that you pay to access (with multiple funding options for anonymity) that forward faces the internet using servers dedicated for the purpose of facing the private network with the rest of the internet could be huge. Everything within the VPN contains no logs and end-to-end encrypted traffic, and the only thing that wouldn’t be encrypted would be the traffic between the servers at the far end of the VPN and the internet, this would be nuts. :)

You can do that now.. sort of.. it is what I do to keep Verizons grubby little hands off my data so they cannot profit from it.. and then still jack up my FIOS rates.

I pay $25 a month for a VPS, on which I run openvpn and raccoon (ipsec tunnel software)

On my home gateway (freebsd), I connect to the openvpn connection, and then route all traffic through the openvpn gateway. Verizon only ever sees 1 connection, an encrypted connection between the two hosts. I also run my own DNS, or use one of the freely available ones from opendns or google.

I also have the same openvpn client installed on my android phones and tablets, so ATT will never see anything other then the same encrypted connection.

However, and ISP that would do that for me would save me a few dollars.

FYI, you can find VPS providers that will provision a small virtual server for around $5 a month too, and the host datacenters are spread out all over the place, including other countries, so that would allow you to bypass US gov monitoring too if the destination traffic is not directed to US based resources.

Yeah, the problem with VPS / SSH tunneling is the ISP still knows WHO(what IP) you’re communicating with, and if the service gets a letter, can you really trust them to not to start monitoring your traffic on their server, and all traffic between VPS and the internet is unencrypted. In the latter idea, all traffic would be end-to-end encrypted, and a virtual second internet would be established, communications in-network would not have the ability to be snooped on, period. Only if you choose to connect to the real internet, traffic between Internet 2 and the real internet could be monitored, the idea would be to encourage people to only use Internet 2 and gradually switch away from today’s internet. Once that phase completes, all traffic in-network would just be who is talking to who, but not what is said, thus the government would only be able to obtain connectivity logs only, but not the contents of the conversation/traffic. Much like prosecutors can only obtain call detail information from your phone company, but need a warrant to tap your actual conversation in real time. Eventually the government, under some form of CALEA would want the ability to tap, but this could be up to the provider of internet2 to only allow that with a valid warrant, and in theory the ISP would not be able to comply as they could only provide the encrypted information, the feds would have to instead subpoena the person/server you’re communicating with, and maybe put a man in the middle on the far end you’re communicating with that would log all inbound traffic from you.

While I give a standing ovation to this person for his effort, somehow I suspect that the government would frown on such a service and would demand that access be built into the system. They already demand, by law, that phone companies include the ability for the government to tap into them, so I suspect this would be no different.

If I follow this all correctly, the government can tap into their service all they want… all the traffic will be encrypted between the user and the server(s)/service(s) he connects to. So the evesdroppers can read all the encrypted traffic they want. Also, apparently, the ISP won’t be collecting user access logs (i.e. what sites they visit, what servers they connect to, etc.), although some legislation, if passed, may force him to do so.

It still boils down to this… evesdroppers can collect your encrypted traffic and then physically or legally force you to turn over your encryption keys.

I wish I would have known. I’d sign up in a heart beat. Hope it comes through and I can get it. Unfortunately it’ll probably be years upon years before we can enjoy something like that outside of major cities.